stopped lisp symbols as values from being able to inject sql (SECURITY BUG)

[clsql.git] / sql / generics.lisp

diff --git a/sql/generics.lisp b/sql/generics.lisp
index ac9f0bd2047c4f77c96a8b4611660ff84abaeead..0d1a4da4bcac85582e4a4bb24d568934bef07d97 100644 (file)
--- a/sql/generics.lisp
+++ b/sql/generics.lisp
@@ -4,12 +4,10 @@
 ;;;;
 ;;;; Name:     generics.lisp
 ;;;; Purpose:  Generic function definitions for DB interfaces
 ;;;;
 ;;;; Name:     generics.lisp
 ;;;; Purpose:  Generic function definitions for DB interfaces

-;;;; Author:   Kevin M. Rosenberg based on
+;;;; Author:   Kevin M. Rosenberg

 ;;;; Created:  Apr 2004
 ;;;;
 ;;;; Created:  Apr 2004
 ;;;;

-;;;; $Id: db-interface.lisp 9123 2004-04-21 20:34:42Z kevin $
-;;;;
-;;;; This file, part of CLSQL, is Copyright (c) 2002-2004 by Kevin M. Rosenberg
+;;;; This file, part of CLSQL, is Copyright (c) 2004-2010 by Kevin M. Rosenberg

 ;;;;
 ;;;; CLSQL users are granted the rights to distribute and use this software
 ;;;; as governed by the terms of the Lisp Lesser GNU Public License
 ;;;;
 ;;;; CLSQL users are granted the rights to distribute and use this software
 ;;;; as governed by the terms of the Lisp Lesser GNU Public License


@@ -18,6 +16,43 @@
 
 (in-package #:clsql-sys)
 
 
 (in-package #:clsql-sys)
 

+
+;; FDML
+(defgeneric choose-database-for-instance (object &optional database)
+  (:documentation "Used by the oodml functions to select which
+ database object to use. Chooses the database associated with the
+ object primarily, falls back to the database provided as an argument
+ or the *DEFAULT-DATABASE*."))
+
+(defgeneric execute-command (expression &key database)
+  (:documentation
+   "Executes the SQL command EXPRESSION, which may be an SQL
+expression or a string representing any SQL statement apart from
+a query, on the supplied DATABASE which defaults to
+*DEFAULT-DATABASE*."))
+
+
+(defgeneric query (query-expression &key database result-types flatp field-names)
+  (:documentation
+   "Executes the SQL query expression QUERY-EXPRESSION, which may
+be an SQL expression or a string, on the supplied DATABASE which
+defaults to *DEFAULT-DATABASE*. RESULT-TYPES is a list of symbols
+which specifies the lisp type for each field returned by
+QUERY-EXPRESSION. If RESULT-TYPES is nil all results are returned
+as strings whereas the default value of :auto means that the lisp
+types are automatically computed for each field. FIELD-NAMES is t
+by default which means that the second value returned is a list
+of strings representing the columns selected by
+QUERY-EXPRESSION. If FIELD-NAMES is nil, the list of column names
+is not returned as a second value. FLATP has a default value of
+nil which means that the results are returned as a list of
+lists. If FLATP is t and only one result is returned for each
+record selected by QUERY-EXPRESSION, the results are returned as
+elements of a list."))
+
+
+;; OODML
+

 (defgeneric update-record-from-slot (object slot &key database)
   (:documentation
    "Updates the value stored in the column represented by the
 (defgeneric update-record-from-slot (object slot &key database)
   (:documentation
    "Updates the value stored in the column represented by the


@@ -31,7 +66,7 @@ attributes having default values. Furthermore, OBJECT becomes
 associated with DATABASE."))
 
 (defgeneric update-record-from-slots (object slots &key database)
 associated with DATABASE."))
 
 (defgeneric update-record-from-slots (object slots &key database)

-  (:documentation 
+  (:documentation

    "Updates the values stored in the columns represented by the
 slots, specified by the CLOS slot names SLOTS, of View Class
 instance OBJECT. DATABASE defaults to *DEFAULT-DATABASE* and
    "Updates the values stored in the columns represented by the
 slots, specified by the CLOS slot names SLOTS, of View Class
 instance OBJECT. DATABASE defaults to *DEFAULT-DATABASE* and


@@ -42,7 +77,7 @@ represented by SLOTS are initialised from the values of the
 supplied slots with other attributes having default
 values. Furthermore, OBJECT becomes associated with DATABASE."))
 
 supplied slots with other attributes having default
 values. Furthermore, OBJECT becomes associated with DATABASE."))
 

-(defgeneric update-records-from-instance (object &key database)
+(defgeneric update-records-from-instance (object &key database this-class)

   (:documentation
    "Using an instance of a View Class, OBJECT, update the table
 that stores its instance data. DATABASE defaults to
   (:documentation
    "Using an instance of a View Class, OBJECT, update the table
 that stores its instance data. DATABASE defaults to


@@ -52,13 +87,13 @@ case, a record is created in the appropriate table of DATABASE
 using values from the slot values of OBJECT, and OBJECT becomes
 associated with DATABASE."))
 
 using values from the slot values of OBJECT, and OBJECT becomes
 associated with DATABASE."))
 

-(defgeneric delete-instance-records (object)
+(defgeneric delete-instance-records (object &key database)

   (:documentation
    "Deletes the records represented by OBJECT in the appropriate
 table of the database associated with OBJECT. If OBJECT is not
 yet associated with a database, an error is signalled."))
 
   (:documentation
    "Deletes the records represented by OBJECT in the appropriate
 table of the database associated with OBJECT. If OBJECT is not
 yet associated with a database, an error is signalled."))
 

-(defgeneric update-instance-from-records (object &key database)
+(defgeneric update-instance-from-records (object &key database this-class)

   (:documentation
    "Updates the slot values of the View Class instance OBJECT
 using the attribute values of the appropriate table of DATABASE
   (:documentation
    "Updates the slot values of the View Class instance OBJECT
 using the attribute values of the appropriate table of DATABASE


@@ -77,8 +112,8 @@ database, *DEFAULT-DATABASE*.  Join slots are updated but
 instances of the class on which the join is made are not
 updated."))
 
 instances of the class on which the join is made are not
 updated."))
 

-(defgeneric instance-refreshed (object) 
-  (:documentation 
+(defgeneric instance-refreshed (object)
+  (:documentation

    "Provides a hook which is called within an object oriented
 call to SELECT with a non-nil value of REFRESH when the View
 Class instance OBJECT has been updated from the database. A
    "Provides a hook which is called within an object oriented
 call to SELECT with a non-nil value of REFRESH when the View
 Class instance OBJECT has been updated from the database. A


@@ -93,23 +128,9 @@ value.  If nulls are allowed for the column, the slot's value will be
 nil, otherwise its value will be set to the result of calling
 DATABASE-NULL-VALUE on the type of the slot."))
 
 nil, otherwise its value will be set to the result of calling
 DATABASE-NULL-VALUE on the type of the slot."))
 

-(defgeneric output-sql (expr database)
-  )
-
-(defgeneric output-sql-hash-key (arg database)
-  )
-
-(defgeneric collect-table-refs (sql)
-  )
-(defgeneric database-output-sql (arg database)
-  )
-(defgeneric database-constraint-description  (constraint database)
-  )

 (defgeneric database-pkey-constraint  (class database)
   )
 (defgeneric database-pkey-constraint  (class database)
   )

-(defgeneric database-constraint-statement  (constraints database)
-  )
-(defgeneric %install-class  (class database)
+(defgeneric %install-class  (class database &key transactions)

   )
 (defgeneric database-generate-column-definition  (class slotdef database)
   )
   )
 (defgeneric database-generate-column-definition  (class slotdef database)
   )


@@ -119,8 +140,56 @@ DATABASE-NULL-VALUE on the type of the slot."))
   )
 (defgeneric get-slot-values-from-view  (obj slotdeflist values)
   )
   )
 (defgeneric get-slot-values-from-view  (obj slotdeflist values)
   )

-(defgeneric database-output-sql-as-type  (type val database)
+(defgeneric database-output-sql-as-type  (type val database db-type)
+  )
+(defgeneric read-sql-value  (val type database db-type)

   )
   )

-(defgeneric read-sql-value  (val type database)
+(defgeneric database-add-autoincrement-sequence (class database)
+  (:method (class database) nil)
+  (:documentation "If a database needs to add a sequence for its
+    autoincrement to work, this is where it should go.  Default is
+    that it doesnt so just return nil"))
+(defgeneric database-remove-autoincrement-sequence (class database)
+  (:method (class database) nil)
+  (:documentation "If a database needs to add a sequence for its
+    autoincrement to work, this is where it should go.  Default is
+    that it doesnt so just return nil"))
+(defgeneric auto-increment-sequence-name (class slotdef database)
+  (:documentation "The sequence name to create for this autoincremnt column on this class
+   if returns nil, there is no associated sequence "))
+
+(defmethod auto-increment-sequence-name :around (class slot database)
+  (when (auto-increment-column-p slot database)
+    (call-next-method)))
+
+(defgeneric database-last-auto-increment-id (database table column)

   )
 
   )
 

+
+
+;; Generation of SQL strings from lisp expressions
+
+(defgeneric output-sql (expr database)
+  (:documentation "Writes an SQL string appropriate for DATABASE
+  and corresponding to the lisp expression EXPR to
+  *SQL-STREAM*. The function SQL-OUTPUT is a top-level call for
+  generating SQL strings which initialises *SQL-STREAM*, calls
+  OUTPUT-SQL and reads the generated SQL string from
+  *SQL-STREAM*."))
+
+(defgeneric database-output-sql (expr database)
+  (:documentation "Returns an SQL string appropriate for DATABASE
+  and corresponding to the lisp expression
+  EXPR. DATABASE-OUTPUT-SQL is called by OUTPUT-SQL when no more
+  specific method exists for EXPR."))
+
+(defgeneric output-sql-hash-key (expr database)
+  (:documentation "Returns a list (or other object suitable for
+use as the key of an EQUAL hash table) which uniquely identifies
+the arguments EXPR and DATABASE."))
+
+(defgeneric collect-table-refs (sql)
+  )
+
+(defgeneric database-constraint-statement  (constraints database)
+  )